215 matches found

Debian
added 2023/10/30 8:10 p.m. | 35 views

[SECURITY] [DLA 3641-1] jetty9 security update

Debian LTS Advisory DLA-3641-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 30, 2023 https://wiki.debian.org/LTS Package : jetty9 Version : 9.4.50-4+deb10u1 CVE ID : CVE-2020-27218 CVE-2023-36478 CVE-2023-44487 Debian Bug : 976211 Two remotely exploitab...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 20

Tenable Nessus
added 2023/10/27 12:0 a.m. | 30 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : nghttp2 (SUSE-SU-2023:4200-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4200-1 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits: 19 | References: 5

Tenable Nessus
added 2023/10/27 12:0 a.m. | 47 views

SUSE SLES12 Security Update : nghttp2 (SUSE-SU-2023:4199-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4199-1 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits: 19 | References: 5

Tenable Nessus
added 2023/10/27 12:0 a.m. | 67 views

SUSE SLES15 Security Update : nodejs18 (SUSE-SU-2023:4207-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4207-1 advisory. - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 13

Tenable Nessus
added 2023/10/27 12:0 a.m. | 29 views

Fedora 37 : nghttp2 (2023-b2c50535cb)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b2c50535cb advisory. - fix HTTP/2 Rapid Reset CVE-2023-44487 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 2

Tenable Nessus
added 2023/10/26 12:0 a.m. | 46 views

Fedora 37 : nodejs18 (2023-e9c04d81c1)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e9c04d81c1 advisory. 2023-10-13, Version 18.18.2 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits: 19 | References: 5

Tenable Nessus
added 2023/10/26 12:0 a.m. | 47 views

Fedora 38 : nodejs20 (2023-4d2fd884ea)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4d2fd884ea advisory. 2023-10-13, Version 20.8.1 Current, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

CVSS 9.8 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 7

OSV
added 2023/10/25 9:17 p.m. | 59 views

GHSA-M425-MQ94-257G gRPC-Go HTTP/2 Rapid Reset vulnerability

Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...

CVSS 7.5 | AI score 7.8 | EPSS 0.99999
Exploits: 19 | References: 5

OSV
added 2023/10/25 6:19 a.m. | 87 views

BIT-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 | AI score 6.7 | EPSS 0.99999
Exploits: 19 | References: 109 | Affected Software: 1

RedHat Linux
added 2023/10/24 2:57 p.m. | 63 views

Important: Red Hat Security Advisory: RHACS 3.74 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 7.5 | AI score 7 | EPSS 0.99999
Exploits: 19 | References: 5

Tenable Nessus
added 2023/10/24 12:0 a.m. | 45 views

Rocky Linux 8 : tomcat (RLSA-2023:5928)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5928 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits: 19 | References: 3

Tenable Nessus
added 2023/10/24 12:0 a.m. | 32 views

Rocky Linux 9 : .NET 7.0 (RLSA-2023:5749)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5749 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits: 19 | References: 3

Tenable Nessus
added 2023/10/24 12:0 a.m. | 73 views

Oracle Linux 8 : varnish (ELSA-2023-5989)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5989 advisory. varnish 6.0.8-3.1 - Add parameters h2rstallowance and h2rstallowanceperiod to mitigate CVE-2023-44487 varnish-modules Tenable has extracted the preceding...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 2

Tenable Nessus
added 2023/10/24 12:0 a.m. | 52 views

Rocky Linux 9 : nghttp2 (RLSA-2023:5838)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5838 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits: 19 | References: 3

Tenable Nessus
added 2023/10/24 12:0 a.m. | 52 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2023:5721)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5721 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 5

Tenable Nessus
added 2023/10/24 12:0 a.m. | 40 views

Rocky Linux 8 : grafana (RLSA-2023:5863)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5863 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 5

Tenable Nessus
added 2023/10/23 12:0 a.m. | 58 views

Oracle Linux 9 : grafana (ELSA-2023-5867)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-5867 advisory. - Resolve CVE-2023-44487 Rapid Reset Attack Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

CVSS 7.5 | AI score 7.4 | EPSS 0.99999
Exploits: 19 | References: 3

Tenable Nessus
added 2023/10/23 12:0 a.m. | 59 views

Oracle Linux 8 : grafana (ELSA-2023-5863)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-5863 advisory. - Resolve CVE-2023-44487 Rapid Reset Attack Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

CVSS 7.5 | AI score 7.4 | EPSS 0.99999
Exploits: 19 | References: 3

Tenable Nessus
added 2023/10/21 12:0 a.m. | 49 views

AlmaLinux 9 : tomcat (ALSA-2023:5929)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5929 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits: 19 | References: 2

Tenable Nessus
added 2023/10/20 12:0 a.m. | 42 views

Oracle Linux 9 : nodejs (ELSA-2023-5765)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5765 advisory. 1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 2